CVE-2025-47415 MEDIUM

CVE-2025-47415: RECWAVE Filepath Traversal

Vendor Crestron
Product TOUCHSCREENS x60, x70 series
Weakness CWE-22 · Path traversal
Published September 9, 2025
Last update September 10, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061 - (no fix released, product discontinued)   For x70   The Affected Firmware:- 3.000.0110.001  and versions below The Fixed Firmware:- 3.001.0031.001

Key dates

02Disclosure timeline

September 9, 2025 CVE published
September 10, 2025 Record updated